The insider perspective on the event-stream compromise (Interview)
Episode Synopsis
Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned into malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts.
They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainership of open source infrastructure over the full lifecycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.